At a hearing -- "America is Under Cyber Attack: Why Urgent Action is Needed" -- a number of security experts spoke about the impact of attacks on the critical IT systems that make companies and the country run.
[ Also on InfoWorld: Concerns about CISPA cyber security bill spread. | Learn how to secure your systems with InfoWorld's Malware Deep Dive PDF special report and Security Central newsletter, both from InfoWorld. ]
"It is difficult to overstate the potential harm these threats pose to our economy, our national security, and the critical infrastructure upon which our country relies. The number and sophistication of cyber attacks has increased dramatically over the past five years and is expected to continue to grow," said Shawn Henry, former executive assistant director for the FBI's Criminal, Cyber, Response, and Services. Henry is now president of CrowdStrike Services. "The threat has reached the point that, given enough time, motivation, and funding, a determined adversary will likely penetrate any system that is accessible directly from the Internet."
As part of the hearing, the watchdogs at the Government Accountability Office laid out some of the basics of the security problems facing the industry.
"Cyber-based threats are evolving and growing and arise from a wide array of sources. These threats can be unintentional or intentional. Unintentional threats can be caused by software upgrades or defective equipment that inadvertently disrupt systems. Intentional threats include both targeted and untargeted attacks from a variety of sources, including criminal groups, hackers, disgruntled employees, foreign nations engaged in espionage and information warfare, and terrorists. These threat sources vary in terms of the capabilities of the actors, their willingness to act, and their motives, which can include monetary gain or political advantage, among others," said Gregory Wilshusen, director, Information Security Issues, with the GAO.
According to the GAO, the most common sources of cyber threats include: